Cryptographic signatures, also referred to as digital signatures, have become an increasingly ubiquitous way of authenticating both message origin and message integrity, as well as providing non-repudiation for cryptographically signed data. Generally, a valid cryptographic signature ensures that the message originates from a known sender, that the known sender in fact signed the message, and that the content of the message has not been tampered with.
Conventional techniques rely on several steps to create and verify a cryptographic signature. Broadly speaking, these steps include a key generation algorithm to create a public and private key-pair; a signing algorithm to produce the cryptographic signature and signed message; and a verification algorithm to verify the cryptographic signature. Typically, a unique cryptographic signature must be created for each signed message.
For example, one context in which cryptographic signatures are utilized extensively is domain name system security extensions (DNSSEC). In DNSSEC, cryptographic signatures may be utilized by a domain name system (DNS) name server to provide DNS clients, also referred to as resolvers, with authentication of DNS data origin and integrity. DNSSEC is mainly designed to provide answers to DNS queries that are cryptographically signed by an authoritative name server in a DNSSEC protected zone. DNSSEC is most often utilized to protect internet protocol (IP) address information provided by the DNS, such as the RDATA field in corresponding resource records (RRs), for example A-type and AAAA-type RRs.
However, as the size of the internet has grown, and continues to grow, the deployment of DNSSEC and the use of cryptographic signatures have proven to be problematic. For example, DNSSEC deployments may significantly increase computational loads on DNS servers, as each answer is signed with a uniquely generated cryptographic signature. Moreover, signed answers in DNSSEC are usually much larger in size than typical non-DNSSEC answers. This further increases demands on the network and computational loads on the DNS.
Thus, a system for providing numeric pattern normalization for the cryptographic signing of pattern-based data is provided by the embodiments below.